Connect with us

Hi, what are you looking for?

Tech & Science

Further concerns over Chinese cyberattacks

Automation is a critical component of any sound enterprise cybersecurity strategy.

A data center: Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images
A data center: Network cables plugged into a server. — © Michael Bocchieri/AFP/Getty Images

The U.S. government’s intelligence agencies issued a CISA alert during June 2022. This cybersecurity focus warns of exploitation of network providers and devices by Chinese-backed threat actors.

Looking into the matter for Digital Journal is Andrew Kahl, CEO of BackBox (a network automation, security, and management firm).

Kahl begins the analysis by outlining the importance of the government notification and he necessity for state intervention “We applaud CISA for their continued focus on helping organizations protect themselves against attacks by both private and state-sponsored malicious actors.”

Where the business market has not been able to deliver sufficient warning, government agencies have been on message. As Kahl notes: “This continued demonstration of expertise and dedication are some of the reasons we recommend our customers around the world follow CISA’s advice on subjects like this.”

The warning builds upon previous reports. Going back to May 2022, Kahl recollects: “Last month CISA released a joint advisory that recommended prioritizing the patching of software containing known vulnerabilities.”

Putting the strands together, Kahl observes: “These two advisories within a month of each other indicates threat actors are increasingly targeting known vulnerabilities, because they understand many organizations are slow to implement patches”

He adds: “One of the most common vectors for attackers is through known vulnerabilities that otherwise could have been patched. In fact, 87 percent of organizations have experienced an attempted exploit of an already-known, existing vulnerability. Once an attacker successfully exploits a vulnerability they can wreak havoc on a company’s network and bring continuity to a halt.”

In terms of longer-term preventative actions, Kahl advises: “Automation is a critical component of any sound enterprise cybersecurity strategy, enabling organizations to quickly and efficiently deploy updates such as the ones recommended by CISA and ensure a hardened network infrastructure.”

“By automating the implementation of patches and upgrades, network operations teams can make this task achievable across the entire network in minutes, and eliminate the potential for human error”, adds Kahl.

Furthermore, Kahl says: “New patches are then implemented as the system receives them, further reducing the attack surface. What’s more, the right tools will provide detailed reporting on the status of patches – network security teams can rest assured that patches were installed correctly and in a timely manner.”

In terms of final advice, Kahl states: “We recommend organizations leverage their automation tools not only to identify and remediate the issues identified here, but to create an environment that continuously improves the health, performance, and compliance of their network security.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

World

Calling for urgent action is the international medical humanitarian organization Doctors Without Borders/Médecins Sans Frontières (MSF)

World

Immigration is a symptom of a much deeper worldwide problem.

Business

Saudi Aramco President & CEO Amin Nasser speaks during the CERAWeek oil summit in Houston, Texas - Copyright AFP Mark FelixPointing to the still...

Business

A recent article in the Wall Street Journal infers that some workers might be falling out of the job market altogether.